Wishbone is an online survey creation tool that's popular with teens, who use it to post quizzes, one of the top ten social Iphone apps in the USA. All of its records have leaked: millions of records, including millions of email addresses and full names, as well as hundreds of thousands of cellphone numbers.
The overwhelming majority of the site's users appear to be girls under 17.
The breached database is circulating freely online.
Beyond a terse notification, Wishbone and its parent company, incubator Science, Inc., are not talking about the breach.
Users can sign up for Wishbone without providing any information—so the hacked database doesn't contain identifying information for all the affected users. However, Hunt said he was able to verify that the leaked data is legitimate because he confirmed the existence of more than a dozen leaked accounts through the app's API.Science Inc., the tech incubator that owns the app confirmed the breach on Wednesday in a statement emailed to Motherboard, saying hackers "may have had access to an API without authorization."
"The vulnerability has been rectified," Science Inc's co-founder and general counsel Greg Gilman wrote in the email.
Popular Teen Quiz App Wishbone Has Been Hacked, Exposing Tons of User Information
[Lorenzo Franceschi-Bicchierai/Motherboard]